PHP Settings

Choose one of the following PHP handlers at Hosting Parameters > PHP handler type taking into consideration resources consumption and security aspects of each option:

PHP_settings

 

Performance

Memory Usage

Security

Apache module (Linux only)

High.

Runs as a part of the Apache web server.

Low

This handler (also known as mod_php) is the least secure option as all PHP scripts are executed on behalf of the apache user. This means that all files created by PHP scripts of any plan subscriber have the same owner (apache) and the same permission set. Thus, there is a theoretical possibility that some users will try to affect files of another users or some important system files.

Note: You can evade some security issues by turning the PHP safe_mode option on. It disables a number of PHP functions that bring potential security risk. Note that this may lead to inoperability of some web apps. The safe_mode option is considered to be obsolete and is deprecated in PHP 5.3.

ISAPI extension (Windows only, not supported since PHP 5.3)

High.

Runs as a part of the IIS web server.

Low

The ISAPI extension can provide site isolation in case a dedicated IIS application pool is switched on for subscriptions. Site isolation means that sites of different customers run their scripts independently. Thus, an error in one PHP script does not affect the work of other scripts. In addition, PHP scripts run on behalf of a system user associated with a hosting account.

Note: The ISAPI extension handler is not supported since PHP 5.3.

CGI application

Low.
Creates a new process for each request and closes it once the request is processed.

Low

The CGI handler provides PHP script execution on behalf of a system user associated with a hosting account. On Linux, this behavior is possible only when the suEXEC module of the Apache web server is on (default option). In other case, all PHP scripts are executed on behalf of the apache user.

We recommend that you use the CGI application handler only as a fall-back.

FastCGI application

High (close to Apache module and ISAPI extension).

Keeps the processes running to handle further incoming requests.

High

The FastCGI handler runs PHP scripts on behalf of a system user associated with a hosting account.

PHP-FPM application (Linux only)

High

Low

The PHP-FPM is an advanced version of FastCGI which offers significant benefits for highly loaded web applications.

The PHP-FPM handler is available only if it was installed by hosting provider and if the option Process PHP by nginx in the website’s settings is turned on (Websites & Domains > select a domain > Web Server Settings).

Note: Switching PHP from Apache module to FastCGI application may break functionality of existing PHP scripts. Switching to PHP-FPM by selecting Process PHP by nginx in the website’s web server settings may do the same.

PHP Version

Plesk supports different versions of PHP. For each handler, one or more PHP versions can be available. The list of available versions is defined by your hosting provider and available to you in the same location where you select the PHP handler: Websites & Domains section > domain name > Hosting Settings.

Note: Always use PHP 5.x except the cases when you need PHP 4.x to host some old PHP apps.

Since Plesk 10.4, you have the ability to adjust PHP configuration individually for each hosting plan or subscription. For this purpose, Plesk exposes a number of PHP configuration settings on the PHP Settings tab. To learn more about custom per-subscription PHP configuration, refer to the section Customize PHP Configuration.